James R. Mirick sets the record straight on things he cares about

General Incompetence in the Commerce Department

Once again the Federal government, and once again the Commerce Department, have demonstrated how incapable they are of securing themselves against foreign penetration through Internet connections. In an article today (October 6th), the Washington Post reports:

“The attack targeted the computers of the Bureau of Industry and Security, which is responsible for controlling U.S. exports of commodities, software and technology having both commercial and military uses. The bureau has stepped up its activity in regulating trade with China in recent years as the United States increased its exports of such dual-use items to the growing Chinese market.

“This marked the second time in recent months that U.S. officials confirmed that a major attack traced to China had succeeded in penetrating government computers.”

To cap it off, and to show how little the people running our Federal networks understand about computers and cyber attacks, the article contains the following statement:

“Commerce officials have also decided they cannot salvage the workstations that employees had been using and instead will build an entirely new system for the bureau in the coming months with “clean hardware and clean software,” the senior official said. Foulon told employees in late August that they hoped to replace all the bureau’s workstations within three months.”

This is of course ridiculous; the hardware isn’t damaged by rootkits or viruses, but I suppose if you know nothing about it, throwing the stuff out and getting new does make some limited sense. But how long until the new ones are penetrated?

It would be so nice to see someone in the Commerce Department hung out to dry for this, it would be nice to see a Congressional investigation into who is responsible, and it would be nice to have some discussions with the Chinese about this. But given the pace of Federal data losses and network penetrations, Congress would be busy for the next few years doing nothing but hearings on the current backlogs.